CVE-2025-3103
📋 TL;DR
The CLEVER HTML5 Radio Player WordPress plugin contains an arbitrary file read vulnerability that allows unauthenticated attackers to read any file on the server. This affects all versions up to and including 2.4, potentially exposing sensitive information like database credentials and configuration files. WordPress sites using this plugin are vulnerable.
💻 Affected Systems
- CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain database credentials, compromise the entire WordPress installation, and potentially gain server access through credential reuse or configuration file exposure.
Likely Case
Attackers read wp-config.php to obtain database credentials, compromise the WordPress database, and establish persistent access.
If Mitigated
Attackers can only read files that the PHP worker process can already open. Because WordPress itself must read wp-config.php, file permissions cannot hide that file from this bug; a web-server rule that denies direct requests to history.php, or a PHP open_basedir restriction, is what limits what the traversal reaches.
🎯 Exploit Status
The vulnerability is in the plugin's history.php file and requires no authentication. An attacker supplies a path containing directory traversal sequences (../) in a request to that file and receives the contents of an arbitrary file readable by the web server process.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: any version later than 2.4
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins.
3. Find the 'CLEVER HTML5 Radio Player' plugin.
4. Click 'Update Now' if an update is offered (CodeCanyon plugins only show one when the vendor's updater is installed).
5. If no update appears, download the latest version from CodeCanyon and replace the plugin files manually, then confirm the installed version is later than 2.4.
🔧 Temporary Workarounds
Temporary File Restriction
Restrict direct access to history.php via the web server configuration. Block only that file, not the whole plugin directory, or the player's scripts and styles stop loading.
For Apache 2.4: add the following to .htaccess in the plugin directory (on Apache 2.2 use 'Deny from all' inside the same block):
<Files "history.php">
    Require all denied
</Files>
For Nginx: add 'location ~ ^/wp-content/plugins/clever-html5-radio-player/history\.php$ { deny all; }' to the server block, placed before the generic 'location ~ \.php$' handler, because nginx uses the first matching regex location.
Plugin Deactivation
Temporarily disable the vulnerable plugin
wp plugin deactivate clever-html5-radio-player
Deactivation does not remove the plugin's files, and a PHP file under wp-content/plugins that is requested directly still executes whether or not the plugin is active. Pair this step with the file restriction above, or remove the plugin entirely (wp plugin delete clever-html5-radio-player) until a fixed version is installed.
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block requests containing directory traversal patterns
- Tighten file permissions on sensitive files outside WordPress's own needs, but note that the read runs as the PHP worker, which must be able to open wp-config.php, so permissions cannot protect that file; setting PHP's open_basedir to the site root at least stops the traversal from reaching files outside the document root
🔍 How to Verify
Check if Vulnerable:
Check if plugin version is 2.4 or earlier in WordPress admin panel under Plugins section
Check Version:
wp plugin list --name=clever-html5-radio-player --field=version
(--name filters on the plugin's directory name under wp-content/plugins, not its display name; confirm the slug on your install first.)
Verify Fix Applied:
Verify that the installed plugin version is later than 2.4, then confirm that a request to history.php carrying a ../ sequence is rejected rather than answered with file contents.
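The version check above, as an added example in Python (not code from this page or the plugin vendor): it parses the JSON that `wp plugin list --format=json` emits, finds the plugin by slug, and decides whether the installed version is in the affected range (2.4 or older), treating 2.4.0 as equal to 2.4. The slug clever-html5-radio-player is the one used elsewhere on this page and must be confirmed on your install; the sample JSON is constructed for the example.

```python
"""Added example: classify the installed plugin version from wp-cli JSON.
Not code from the advisory page or the plugin vendor."""
import json
import re
import subprocess

# Assumption: the plugin's directory name under wp-content/plugins, as used
# elsewhere on this page. Confirm it on your install before relying on it.
PLUGIN_SLUG = "clever-html5-radio-player"
LAST_AFFECTED = "2.4"  # every version up to and including 2.4 is affected


def version_key(version: str) -> tuple:
    """Numeric tuple for ordering, with trailing zeros dropped so 2.4.0 == 2.4.
    Pre-release tags ('2.4-beta') are ignored, which keeps them in the affected set."""
    parts = [int(x) for x in re.findall(r"\d+", version)]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True when the version is 2.4 or older."""
    return version_key(version) <= version_key(LAST_AFFECTED)


def assess(plugin_list_json: str, slug: str = PLUGIN_SLUG) -> dict:
    """Look the plugin up in `wp plugin list --format=json` output.
    An inactive plugin still counts: its history.php remains on disk and is
    reachable by direct request, so only absence or a fixed version clears it."""
    for plugin in json.loads(plugin_list_json):
        if plugin.get("name") == slug:
            return {
                "installed": True,
                "version": plugin["version"],
                "status": plugin.get("status"),
                "affected": is_affected(plugin["version"]),
            }
    return {"installed": False, "version": None, "status": None, "affected": False}


def assess_live(wp_path: str = None) -> dict:
    """Run wp-cli on this host (needs `wp` in PATH; pass the site root for a non-cwd site)."""
    cmd = ["wp", "plugin", "list", "--format=json"]
    if wp_path:
        cmd.append(f"--path={wp_path}")
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return assess(out)


# Constructed sample in the shape wp-cli emits; the plugin is inactive but still affected.
SAMPLE_PLUGIN_LIST = json.dumps([
    {"name": "akismet", "status": "active", "update": "none", "version": "5.3"},
    {"name": PLUGIN_SLUG, "status": "inactive", "update": "none", "version": "2.4"},
])

if __name__ == "__main__":
    print(assess(SAMPLE_PLUGIN_LIST))
```

Call `assess_live("/var/www/html")` on the host itself; the `status` field is reported so that an "inactive" result is not mistaken for a mitigated one.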
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /wp-content/plugins/clever-html5-radio-player/history.php with ../ patterns
- Repeated requests to history.php from one IP whose path value changes between requests (an attacker enumerating candidate files such as wp-config.php), including 403 or 404 responses once a web-server rule or WAF is blocking them
Network Indicators:
- Unusual GET requests to history.php with file path parameters
- Traffic spikes to plugin directory
SIEM Query:
source="web_access_logs" AND uri="*history.php*" AND (uri="*../*" OR uri="*..\\*" OR uri="*%2e%2e%2f*" OR uri="*%2e%2e/*" OR uri="*..%2f*" OR uri="*%252e%252e*")
(Match against the raw request URI as logged; if your SIEM also stores a URL-decoded copy of the URI, query that field for "../" and "..\" as well so mixed and double encodings are not missed.)
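The SIEM query above, and the traversal-pattern WAF rule suggested under "If You Can't Patch", as an added Python example (not code from this page or the plugin vendor): it parses combined-format access log lines, URL-decodes the request twice so single- and double-encoded traversal sequences are both caught, folds backslashes into slashes, restricts matches to the plugin's history.php path, and counts hits per client IP so a scan stands out from a single probe. The log lines are constructed for this example, the plugin path uses the slug used elsewhere on this page, and the query parameter name 'file' is a placeholder because the page does not name the real parameter.

```python
"""Added example: the page's SIEM query as runnable detection logic over
access-log lines. Not code from the advisory page or the plugin vendor."""
import re
from collections import Counter
from urllib.parse import unquote

# Assumption: plugin directory name as used elsewhere on this page.
TARGET_PATH = "/wp-content/plugins/clever-html5-radio-player/history.php"

# Apache/Nginx "combined" format: ip ident user [time] "METHOD uri HTTP/x" status ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3})'
)


def normalize(uri: str) -> str:
    """Decode percent-encoding twice (%2e%2e%2f and %252e%252e%252f both become ../)
    and fold backslashes so ..\\ is treated like ../."""
    return unquote(unquote(uri)).replace("\\", "/")


def is_traversal_against_target(uri: str, target: str = TARGET_PATH) -> bool:
    """True when the request path is the plugin's history.php and the decoded
    request (path or query string) carries a '../' sequence. The page's SIEM
    query is broader (any history.php); narrowing to the plugin path cuts noise."""
    path, _, _query = uri.partition("?")
    if not normalize(path).endswith(target):
        return False
    return "../" in normalize(uri)


def scan(lines) -> dict:
    """Return the matching (ip, uri, status) triples and a per-IP hit count."""
    hits = []
    per_ip = Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not in combined format; skip rather than guess
        if is_traversal_against_target(m["uri"]):
            hits.append((m["ip"], m["uri"], int(m["status"])))
            per_ip[m["ip"]] += 1
    return {"hits": hits, "per_ip": per_ip}


# Constructed sample log. 'file' is a placeholder parameter name; the page does
# not state the real one. Lines 1, 2, 3 and 6 are traversal attempts (plain,
# single-encoded, double-encoded, encoded backslash); 4 is normal player
# traffic; 5 targets a different history.php and is out of scope.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Apr/2025:12:00:01 +0000] "GET /wp-content/plugins/clever-html5-radio-player/history.php?file=../../../../wp-config.php HTTP/1.1" 200 2914 "-" "curl/8.5.0"',
    '198.51.100.9 - - [10/Apr/2025:12:00:07 +0000] "GET /wp-content/plugins/clever-html5-radio-player/history.php?file=%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1783 "-" "python-requests/2.31"',
    '203.0.113.5 - - [10/Apr/2025:12:00:12 +0000] "GET /wp-content/plugins/clever-html5-radio-player/history.php?file=%252e%252e%252fwp-config.php HTTP/1.1" 403 199 "-" "curl/8.5.0"',
    '192.0.2.44 - - [10/Apr/2025:12:01:40 +0000] "GET /wp-content/plugins/clever-html5-radio-player/history.php?file=history.json HTTP/1.1" 200 640 "https://radio.example/" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Apr/2025:12:02:03 +0000] "GET /blog/history.php?x=../a HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Apr/2025:12:02:30 +0000] "GET /wp-content/plugins/clever-html5-radio-player/history.php?file=..%5c..%5cwp-config.php HTTP/1.1" 200 2914 "-" "curl/8.5.0"',
]

if __name__ == "__main__":
    result = scan(SAMPLE_LOG)
    for ip, uri, status in result["hits"]:
        print(f"{ip} {status} {uri}")
    print(dict(result["per_ip"]))
```

Feed real logs with `scan(open("/var/log/nginx/access.log"))`; a 200 status on a hit means the file contents were returned and the host should be treated as compromised, while 403s show the web-server rule or WAF holding. The `normalize` function is also the test a WAF rule needs: match on the decoded request, not the raw bytes, or `%252e%252e%252f` slips past.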